Full Disclosure mailing list archives
Re: RE: FWD: Internet Explorer URL parsing vulnerability
From: S G Masood <sgmasood () yahoo com>
Date: Wed, 10 Dec 2003 05:21:36 -0800 (PST)
I dont understand character sets, you say, but let me ask you one question - do you understand English? Let me give you a hint - The original post and the thread were about a URL masking vuln. in IE which just happened to use the http://a@b feature...the issue at hand was *not* that we could use http://a@b to somewhat obfuscate a URL. Now go and read the advisory and your post once again(http://dictionary.reference.com would probably help you). Did you really think full-disclosure members had fallen so low as to start a thread about the @ URL obfuscation?
and as for the why the %01 works, i can only assume as %01 is a non printable character IE stops it there, its the same as if u would use %02 and so on, or are you that moronic you dont understand character sets?
Hmph! non printable character...%02...You call me a "moron" based on your slouchy "assumption". It would take you exactly 60seconds to test the validity of your ideas before posting. Remember to try the "%02" before you post once again. Stop disgracing yourself on a serious public forum with your stupid fantasies & assumptions and go gator some kiddie list. -- S.G.Masood To Rest of The List - I never flame anyone but I simply couldn't stop this time :)
----- Original Message ----- From: "S G Masood" <sgmasood () yahoo com> To: <full-disclosure () lists netsys com> Sent: Wednesday, December 10, 2003 8:06 PM Subject: Re: [Full-disclosure] RE: FWD: Internet Explorer URL parsing vulnerability--- VeNoMouS <venom () gen-x co nz> wrote:umm tested this you dont need %01 either btw. www.microsoft.com () www linux orgWhat is your point? Have you read the originalpost?Apart from this, does anyone have a "lowlevel" explanation why the %01 trick works? -- iNt27~ __________________________________ Do you Yahoo!? Free Pop-Up Blocker - Get it now http://companion.yahoo.com/ _______________________________________________ Full-Disclosure - We believe in it. Charter:http://lists.netsys.com/full-disclosure-charter.html
__________________________________ Do you Yahoo!? Free Pop-Up Blocker - Get it now http://companion.yahoo.com/ _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
Current thread:
- Re: RE: FWD: Internet Explorer URL parsing vulnerability, (continued)
- Re: RE: FWD: Internet Explorer URL parsing vulnerability Nick FitzGerald (Dec 09)
- Re: RE: FWD: Internet Explorer URL parsing vulnerability Clint Bodungen (Dec 09)
- RE: Internet Explorer URL parsing vulnerability http-equiv () excite com (Dec 09)
- RE: Internet Explorer URL parsing vulnerability http-equiv () excite com (Dec 09)
- RE: FWD: Internet Explorer URL parsing vulnerability Julian HO Thean Swee (Dec 09)
- Re: RE: FWD: Internet Explorer URL parsing vulnerability VeNoMouS (Dec 09)
- Re: RE: FWD: Internet Explorer URL parsing vulnerability S G Masood (Dec 09)
- Re: RE: FWD: Internet Explorer URL parsing vulnerability VeNoMouS (Dec 10)
- Re: RE: FWD: Internet Explorer URL parsing vulnerability Valdis . Kletnieks (Dec 10)
- Re: RE: FWD: Internet Explorer URL parsing vulnerability Cedric Blancher (Dec 10)
- Re: RE: FWD: Internet Explorer URL parsing vulnerability S G Masood (Dec 11)
- Re: RE: FWD: Internet Explorer URL parsing vulnerability VeNoMouS (Dec 11)
- Re: RE: FWD: Internet Explorer URL parsing vulnerability VeNoMouS (Dec 09)
- Re: RE: FWD: Internet Explorer URL parsing vulnerability VeNoMouS (Dec 10)
- Re: RE: FWD: Internet Explorer URL parsing vulnerability Exibar (Dec 10)
- RES: RE: FWD: Internet Explorer URL parsing vulnerability Cleber P. de Souza (Dec 10)
- Re: Re: Internet Explorer URL parsing vulnerability Frank de Wit (Dec 10)
- Re: Re: Internet Explorer URL parsing vulnerability Jedi/Sector One (Dec 10)
- Re: Re: Internet Explorer URL parsing vulnerability Ricardo Moura (Dec 12)
- Re: Re: Internet Explorer URL parsing vulnerability Clint Bodungen (Dec 10)